220 likes | 383 Vues
Verification of SHUR Macro Cell Library in a Fault Tolerant Digital Signal Processor Application. D. Breuner, P. Coakley, S. Lutjens, and M. Rose Jaycor, Inc., San Diego, CA MAPLD International Conference September 10-12, 2002 DTRA Contract No. DTRA01-99-C-0180. Program Objective.
E N D
Verification of SHUR Macro Cell Library in a Fault Tolerant Digital Signal Processor Application D. Breuner, P. Coakley, S. Lutjens, and M. Rose Jaycor, Inc., San Diego, CA MAPLD International Conference September 10-12, 2002 DTRA Contract No. DTRA01-99-C-0180
Program Objective Develop and Demonstrate a Library of Macro Cells to Implement System Hardening – Upset Recovery (SHUR) in Application-Specific Integrated Circuits (ASICs) and Programmable Logic Devices (PLDs)
SHUR Develops and DemonstratesUpset Recovery Technologies As a “Gate Keeper” SHUR Preserves Signal Integrity
Applications for SHUR Functions • You should consider SHUR if: • Your system relies on critical data to complete its mission • Your system needs to detect and recover from electronic upsets • Your system must recover rapidly from upset • Your system relies on HW/SW to control upset recovery • Your system uses COTS Offers Recovery Insurance
SHUR Technology Products • SHUR provides system designers • Library of upset and recovery building blocks (macro cells) • Performance specifications for library cells • Application guidelines for using library cells • ASIC demonstrating SHUR building block performance • POD’s for contractor evaluation • Software recommendations for rapid recovery SHUR Provides the Building Blocks -- You Providethe Creative Engineering
SHUR Macro Library Combines Features of Circumvention Recovery and Fault Tolerance • Circumvention Recovery • Event detection1 • Protect electronics and critical data2 • Reset post event or timed period4 • Restart at a known state5 • Recover essential data8 • Complete recovery – operational system9 • Fault Tolerance • Errors trapped3 • Errors purged6 • System returned to state without fault7 • * Numbers represent sequence of events executed using SHUR technology
Critical Data and Command/Control FunctionsPassed Through SHUR When upset is detected: • Prevents critical data corruption • Prevents execution of erroneous commands • Monitors interruption time • Initiates rapid data/system recovery As a “Gate Keeper” SHUR Preserves Signal Integrity
Major Function Capability 1. System clock generation 2. Parallel I/O interface 3. Fault Processing 4. General purpose interfaces • Single primary oscillator used to generate internal clock frequencies 66 MHz via phase-locked loop • User selectable output frequency for power saving with glitch free transition • Gated and free running outputs • SRAM like interface provides compatibility with any processor architecture • False-write protection preserves data integrity • Outputs clamped to known state during fault condition • Multiple fault inputs and responses • Configurable matrix for masking or mapping fault signals to corrective responses • Retained data facilitates rapid system recovery • Compliant with system specific hardware sequencing requirements • Bidirectional discrete data lines with false-write protection to enhance system operability, test, and diagnostic capability. • Interfaces can be tailored to meet unique system requirements SHUR Macro Library Implements Four Major System Functions
False-Write Macro Features • Latches address and data into internal SHUR registers • Delays write pulse to non-upsettable memory to ensure data integrity (30 ns minimum) • Generates memory acknowledge signal for processors using automatic wait-state allocation Port Description Name Type Function CLK I System clock NSM_SEL I Selects SHUR function (low) NRESET I Resets logic during power-up (low) INHIBIT I Halts generation of NHWR (low) NHWR O Delayed write pulse ( ) NLATCH O Latches data into SHUR register (low) DMACK O Memory acknowledge Timing
A Proof-of-Design ASIC Used for Macro LibraryVerification for System Upset/Recovery Hardening • Synthesized into Honeywell HX2000 gate array technology to achieve high dose rate upset threshold • ASIC designed to accomplish these objectives: • Demonstrate functional performance of each SHUR macro cell • Validate macro simulation models • Verify macro performance specifications • Provide data to develop macro library application guidelines • Explore SHUR macro application flexibility • Provide a test vehicle for independent contractor evaluation • Extensive laboratory and radiation testing used to fully validate the macro library designs and system applicability
Proof-of-Design ASIC Data Sheet DATA SHEET JAYCOR • SRAM False-Write Protection • Prompt Immune Signal Pass-through • Clock Generation Circuitry • Recall Registers: • Last SHUR Address Written • Last SHUR SRAM Address Written • Off-Line Timer • Interrupt Handler, Router, Sorter • 16 Storage Registers • 2 Programmable Reset Timers / Outputs • 16 Discrete Output Lines • 16 Discrete Input Lines • Event Counter • Latchup Immune • Total Dose Hardness to 106Rad(Si) • Prompt Dose Upset Level >1010Rad(Si)/sec. • Prompt Dose Survivability Level 1012Rad(Si)/sec. • 5 Volt Operation • 352 Pin Quad Flat Pack SHUR POD ASIC D02-080 11
DMWR DMRD SM_SEL DMACK PRIW_N - Non-upsettable interfaces SHUR_RST SPWR_OK Top Level Block Diagram of POD ASIC SRAM_DATA(15:0) Free-running clocks (4) D_SRAM(15:0) DISC_IN(15:0) 22 MHz A_SRAM(19:0) Gated clocks (4) DISC_OUT(15:0) CRYSTAL Internal clock nets (4) FREQ_SEL(2) DO_ENB NOE (66 MHz, CPU_CLK, 1 MHz, 100 kHz) Monitor System Clocks NCS PLL System Clocks Discrete I/O NWE 66MHz CLK SRAM Interface Read/Write Control SRAM Interface HWR_N 66MHz CLK IDATA(31:0) DATA_SYS(31:0) IADD(31:0) ADD_SYS(31:0) SHUR_OUT(31:0) LAST_RADD(31:0) LAST_ADD(31:0) INT_DATA(31:0) INHIBIT RESET Register File CLAMP_N (16x32) Parallel I/O 66MHz CLK HWR_N Read/Write Control Signals 66MHz CLK EC_OUT(31:0) OFF_TIME(23:0) SHUR_STATUS(31:0) FAULT(3:0) PTO(2:0) DATA_EXT_OUT(11:0) DATA_EXT_IN(11:0) STO(2:0) DATA_VAL FLT_INT PWR_EXTN CLAMP Ext Cmd/Control Pass-Through HALT CPU_CLK PRST SRST RESET Fault I/O Fault I/O Fault Processing 66MHz,1MHz,100kHz CLKS
Testability and Risk Reduction Primary Considerations for PLL Insertion Phase-Lock Loop PLL Output External Clock MUX Clock Select ASIC Core
Example of SHUR Components in DSP System • SHUR set up like system Memory • Control signals protected from false signals by using SHUR • Minimal system interrupt • Critical data saved • Minimum hardware for system protection • FSR (Fast System Recovery)
SHUR Integration Into System Design SHUR Functions Provide Flexible Upset Recovery Solutions
SHUR Functions Reduce RecoveryTimeline for GPS/INS Ship or Ground Platform GPS GPS/INS Hot Start Block Diagram Crypto Key Loaded At Factory MISSILE GPS Board GPS Data Collection System GPS Receiver GPS Receiver Fiber-optic Interface Timemark or PTTI Pulse (1 Hz) Initialization Message From Mission CPU Almanac, Ephemeris, Position, Velocity, Time Data Processor Navigation Processor Missile GPS/INS Block Diagram Navigation Processor [CPU] RAM ROM GPS Antenna Gate Array (ASIC) GPS Receiver Module To Mission CPU Fiber Optic Link IMU Digital Data To Missile I/O IMU Extend GPS/INS “Hot Start” Concept to In-Flight Nuclear Upset/Recovery via SHUR Technology
SHUR Functional Implementationin a Multiple Processor Subsystem
Status and Lessons Learned • Status • PODs available for user evaluation • POD ASIC data sheet • SHUR test board user’s manual • Software for macro library verification developed • Bench testing to demonstrate SHUR capabilities began in June • Radiation testing completed in August • Application of SHUR technology to Sensor ASIC and GPS/INS underway • Lessons learned • Rad hard mixed signal design talent in short supply • ASIC design takes longer than VHDL circuit definition • ASIC design tools do not support asynchronous functions • Design simulations never end • Testability-Testability-Testability